Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#775 closed defect (wontfix)

henrietta-cache: Generalise "tarbomb" handling?

Reported by: sjamaan Owned by: sjamaan
Priority: minor Milestone: 4.9.0
Component: extensions Version: 4.7.x
Keywords: henrietta-cache Cc:
Estimated difficulty:

Description

Currently only the zip downloads extract and see whether the files were extracted to the current directory (aka "tarbomb" but for zipfiles, since zips are more likely to do such stupid things) or to a subdirectory of it.

This should instead be done for all types, and search for the "shallowest" setup-file. The directory at that level should be put in the cache. This should enable downloads from places like Launchpad, which put the file into a deep idiotic directory that matches the directory structure on launchpad (something like "~peter-bex/bzr-egg-author/trunk". yes, this includes a nasty tilde character).

I'm not 100% convinced this is a sane idea, so I should think about this some more. If anyone reading this has an opinion on how to deal with this, let me know, please.

If multiple setup-files are found, this may present us with an ambiguity. It also seems too "clever" and DWIMmy to really ever work properly. Launchpad's loggehead should really be fixed to offer proper downloads.

Change History (2)

comment:1 Changed 8 years ago by sjamaan

Resolution: wontfix
Status: newclosed

After pondering it some more, it still seems a bad idea and a probable source of many subtle bugs, so I'm not going to do it. Nobody uses Launchpad anyway ;)

comment:2 Changed 7 years ago by felix winkelmann

Milestone: 4.8.04.9.0

Milestone 4.8.0 deleted

Note: See TracTickets for help on using tickets.